Information on source package nss

Available versions

| Release | Version |
| --- | --- |
| jessie | 2:3.26-1+debu8u19 |
| stretch | 2:3.26.2-1.1+deb9u8 |
| stretch (security) | 2:3.26.2-1.1+deb9u5 |
| buster | 2:3.42.1-1+deb10u9 |
| buster (security) | 2:3.42.1-1+deb10u8 |
| bullseye | 2:3.61-1+deb11u3 |
| bullseye (security) | 2:3.61-1+deb11u4 |
| bookworm | 2:3.87.1-1 |
| bookworm (security) | 2:3.87.1-1+deb12u1 |
| trixie | 2:3.105-2 |
| sid | 2:3.106-1 |

Open issues

| Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2024-7531 | fixed | fixed | fixed | fixed | vulnerable (no DSA, ignored) | fixed | fixed | Calling `PK11_Encrypt()` in NSS using CKM_CHACHA20 and the same buffer ... |
| CVE-2023-6135 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | Multiple NSS NIST curves were susceptible to a side-channel attack kno ... |
| CVE-2023-5388 | fixed | fixed | fixed | vulnerable (no DSA) | vulnerable (no DSA, ignored) | fixed | fixed | NSS was susceptible to a timing side-channel attack when performing RS ... |
| CVE-2020-25648 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | fixed | fixed | A flaw was found in the way NSS handled CCS (ChangeCipherSpec) message ... |
| CVE-2019-11727 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | A vulnerability exists where it is possible to force Network Security Ser ... |
| CVE-2018-12384 | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | fixed | fixed | fixed | fixed | fixed | When handling an SSLv2-compatible ClientHello request, the server doesn ... |

Open unimportant issues

| Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2017-11698 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | Heap-based buffer overflow in the __get_page function in lib/dbm/src/h ... |
| CVE-2017-11697 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | The __hash_open function in hash.c:229 in Mozilla Network Security Ser ... |
| CVE-2017-11696 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | Heap-based buffer overflow in the __hash_open function in lib/dbm/src/ ... |
| CVE-2017-11695 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | Heap-based buffer overflow in the alloc_segs function in lib/dbm/src/h ... |

Resolved issues

| Bug | Description |
| --- | --- |
| TEMP-0000000-583651 | nspr, nss: unprotected environment variables |
| CVE-2024-6609 | When almost out-of-memory an elliptic curve key which was never alloca ... |
| CVE-2024-6602 | A mismatch between allocator and deallocator could have led to memory ... |
| CVE-2024-0743 | An unchecked return value in TLS handshake code could have caused a po ... |
| CVE-2023-4421 | The NSS code used for checking PKCS#1 v1.5 was leaking information use ... |
| CVE-2023-0767 | An attacker could construct a PKCS 12 cert bundle in such a way that c ... |
| CVE-2022-22747 | After accepting an untrusted certificate, handling an empty pkcs7 sequ ... |
| CVE-2022-3479 | A vulnerability found in nss. By this security vulnerability, nss clie ... |
| CVE-2021-43527 | NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR a ... |
| CVE-2020-12413 | The Raccoon attack is a timing attack on DHE ciphersuites inherent in t ... |
| CVE-2020-12403 | A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS i ... |
| CVE-2020-12402 | During RSA key generation, bignum implementations used a variation of ... |
| CVE-2020-12401 | During ECDSA signature generation, padding applied in the nonce design ... |
| CVE-2020-12400 | When converting coordinates from projective to affine, the modular inv ... |
| CVE-2020-12399 | NSS has shown timing differences when performing DSA signatures, which ... |
| CVE-2020-6829 | When performing EC scalar point multiplication, the wNAF point multipl ... |
| CVE-2019-17023 | After a HelloRetryRequest has been sent, the client may negotiate a lo ... |
| CVE-2019-17007 | In Network Security Services before 3.44, a malformed Netscape Certifi ... |
| CVE-2019-17006 | In Network Security Services (NSS) before 3.46, several cryptographic ... |
| CVE-2019-11745 | When encrypting with a block cipher, if a call to NSC_EncryptUpdate wa ... |
| CVE-2019-11729 | Empty or malformed p256-ECDH public keys may trigger a segmentation fa ... |
| CVE-2019-11719 | When importing a curve25519 private key in PKCS#8 format with leading 0 ... |
| CVE-2018-18508 | In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a ... |
| CVE-2018-12404 | A cached side channel attack during handshakes using RSA encryption co ... |
| CVE-2017-7805 | During TLS 1.2 exchanges, handshake hashes are generated which point t ... |
| CVE-2017-7502 | Null pointer dereference vulnerability in NSS since 3.24.0 was found w ... |
| CVE-2017-5462 | A flaw in DRBG number generation within the Network Security Services ... |
| CVE-2017-5461 | Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through ... |
| CVE-2016-9574 | nss before version 3.30 is vulnerable to a remote denial of service du ... |
| CVE-2016-9074 | An existing mitigation of timing side-channel attacks is insufficient ... |
| CVE-2016-8635 | It was found that Diffie Hellman Client key exchange handling in NSS 3 ... |
| CVE-2016-5285 | A Null pointer dereference vulnerability exists in Mozilla Network Sec ... |
| CVE-2016-2834 | Mozilla Network Security Services (NSS) before 3.23, as used in Mozill ... |
| CVE-2016-1979 | Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndRet ... |
| CVE-2016-1978 | Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange f ... |
| CVE-2016-1950 | Heap-based buffer overflow in Mozilla Network Security Services (NSS) ... |
| CVE-2016-1938 | The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Secur ... |
| CVE-2016-0800 | The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before ... |
| CVE-2015-7575 | Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozi ... |
| CVE-2015-7182 | Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Sec ... |
| CVE-2015-7181 | The sec_asn1d_parse_leaf function in Mozilla Network Security Services ... |
| CVE-2015-4000 | The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is ena ... |
| CVE-2015-2730 | Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozi ... |
| CVE-2015-2721 | Mozilla Network Security Services (NSS) before 3.19, as used in Mozill ... |
| CVE-2014-3566 | The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other prod ... |
| CVE-2014-1569 | The definite_length_decoder function in lib/util/quickder.c in Mozilla ... |
| CVE-2014-1568 | Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before ... |
| CVE-2014-1544 | Use-after-free vulnerability in the CERT_DestroyCertificate function i ... |
| CVE-2014-1492 | The cert_TestHostName function in lib/certdb/certdb.c in the certifica ... |
| CVE-2014-1491 | Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozi ... |
| CVE-2014-1490 | Race condition in libssl in Mozilla Network Security Services (NSS) be ... |
| CVE-2013-5606 | The CERT_VerifyCert function in lib/certhigh/certvfy.c in Mozilla Netw ... |
| CVE-2013-5605 | Mozilla Network Security Services (NSS) 3.14 before 3.14.5 and 3.15 be ... |
| CVE-2013-1741 | Integer overflow in Mozilla Network Security Services (NSS) 3.15 befor ... |
| CVE-2013-1740 | The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Net ... |
| CVE-2013-1739 | Mozilla Network Security Services (NSS) before 3.15.2 does not ensure ... |
| CVE-2013-1620 | The TLS implementation in Mozilla Network Security Services (NSS) does ... |
| CVE-2013-0791 | The CERT_DecodeCertPackage function in Mozilla Network Security Servic ... |
| CVE-2013-0169 | The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as use ... |
| CVE-2012-0441 | The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security ... |
| CVE-2011-3640 | Untrusted search path vulnerability in Mozilla Network Security Servic ... |
| CVE-2011-3389 | The SSL protocol, as used in certain configurations in Microsoft Windo ... |
| CVE-2010-3173 | The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x befo ... |
| CVE-2010-3170 | Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird bef ... |
| CVE-2009-3555 | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as us ... |
| CVE-2009-2409 | The Network Security Services (NSS) library before 3.12.3, as used in ... |
| CVE-2009-2408 | Mozilla Network Security Services (NSS) before 3.12.3, Firefox before ... |
| CVE-2009-2404 | Heap-based buffer overflow in a regular-expression parser in Mozilla N ... |

Security announcements

| DSA / DLA | Description |
| --- | --- |
| DSA-5807-1 | nss - security update |
| ELA-1231-1 | nss - security update |
| DLA-3937-1 | nss - security update |
| ELA-1054-1 | nss - security update |
| DLA-3757-1 | nss - security update |
| DLA-3634-1 | nss - security update |
| ELA-802-1 | nss - security update |
| DLA-3327-1 | nss - security update |
| DSA-5353-1 | nss - security update |
| DSA-5062-1 | nss - security update |
| DLA-2898-1 | nss - security update |
| ELA-550-1 | nss - security update |
| DLA-2836-2 | nss - regression update |
| ELA-525-2 | nss - regression update |
| DLA-2836-1 | nss - security update |
| ELA-525-1 | nss - security update |
| DSA-5016-1 | nss - security update |
| DLA-2388-1 | nss - security update |
| ELA-273-1 | nss - security update |
| ELA-256-1 | nss - security update |
| DSA-4726-1 | nss - security update |
| DLA-2266-1 | nss - security update |
| ELA-232-1 | nss - security update |
| ELA-221-1 | nss - security update |
| DLA-2058-1 | nss - security update |
| DSA-4579-1 | nss - security update |
| DLA-2015-1 | nss - security update |
| ELA-197-1 | nss - security update |
| DLA-2008-1 | nss - security update |
| ELA-194-1 | nss - security update |
| DLA-1857-1 | nss - security update |
| ELA-146-1 | nss - security update |
| DLA-1704-1 | nss - security update |
| ELA-89-1 | nss - security update |
| DLA-1138-1 | nss - security update |
| DSA-3998-1 | nss - security update |
| DSA-3872-1 | nss - security update |
| DLA-971-1 | nss - security update |
| DLA-946-1 | nss - security update |
| DLA-759-1 | nss - security update |
| DLA-677-1 | nss - security update |
| DSA-3688-1 | nss - security update |
| DLA-527-1 | nss - security update |
| DLA-507-1 | nss - security update |
| DLA-480-1 | nss - security update |
| DLA-427-1 | nss - security update |
| DLA-354-1 | nss - security update |
| DLA-315-1 | nss - security update |
| DSA-3336-1 | nss - security update |
| DSA-3186-1 | nss - security update |
| DLA-154-1 | nss - security update |
| DLA-89-1 | nss - security update |
| DSA-3071-1 | nss - security update |
| DSA-3033-1 | nss - security update |
| DLA-62-1 | nss - security update |
| DSA-2994-1 | nss - security update |
| DLA-23-1 | nss - security update |
| DSA-2800-1 | nss - buffer overflow |
| DSA-2790-1 | nss - uninitialized memory read |
| DSA-2599-1 | nss - mis-issued intermediates |
| DSA-2490-1 | nss - denial of service |
| DSA-2339-1 | nss - several |
| DSA-2300-2 | nss - compromised certificate authority |
| DSA-2300-1 | nss - compromised certificate authority |
| DSA-2203-1 | nss - security update |
| DSA-2141-2 | nss - protocol design flaw |
| DSA-2123-1 | nss - cryptographic weaknesses |
| DSA-1874-1 | nss - several vulnerabilities |
